1 files changed, 51 insertions, 0 deletions

diff --git a/server/src/Endpoints/Internal/Account/UpdateAccountRoute.cs b/server/src/Endpoints/Internal/Account/UpdateAccountRoute.cs
new file mode 100644
index 0000000..a997dcb
--- /dev/null
+++ b/server/src/Endpoints/Internal/Account/UpdateAccountRoute.cs
@@ -0,0 +1,51 @@
+namespace IOL.GreatOffice.Api.Endpoints.Internal.Account;
+
+public class UpdateAccountRoute : RouteBaseAsync.WithRequest<UpdatePayload>.WithActionResult
+{
+	private readonly AppDbContext _context;
+
+	/// <inheritdoc />
+	public UpdateAccountRoute(AppDbContext context) {
+		_context = context;
+	}
+
+	/// <summary>
+	/// Update the logged on user's data.
+	/// </summary>
+	/// <param name="request"></param>
+	/// <param name="cancellationToken"></param>
+	/// <returns></returns>
+	[HttpPost("~/_/account/update")]
+	public override async Task<ActionResult> HandleAsync(UpdatePayload request, CancellationToken cancellationToken = default) {
+		var user = _context.Users.SingleOrDefault(c => c.Id == LoggedInUser.Id);
+		if (user == default) {
+			await HttpContext.SignOutAsync();
+			return Unauthorized();
+		}
+
+		if (request.Password.IsNullOrWhiteSpace() && request.Username.IsNullOrWhiteSpace()) {
+			return BadRequest(new ErrorResult("Invalid request", "No data was submitted"));
+		}
+
+		if (request.Password.HasValue() && request.Password.Length < 6) {
+			return BadRequest(new ErrorResult("Invalid request",
+											  "The new password must contain at least 6 characters"));
+		}
+
+		if (request.Password.HasValue()) {
+			user.HashAndSetPassword(request.Password);
+		}
+
+		if (request.Username.HasValue() && !request.Username.IsValidEmailAddress()) {
+			return BadRequest(new ErrorResult("Invalid request",
+											  "The new username does not look like a valid email address"));
+		}
+
+		if (request.Username.HasValue()) {
+			user.Username = request.Username.Trim();
+		}
+
+		await _context.SaveChangesAsync(cancellationToken);
+		return Ok();
+	}
+}